Merge branch 'auth-api' into couchdb
stefankoegl committed Aug 27, 2011
2 parents fce6409 + 4ed83ca commit e27d9e8
Showing 2 changed files with 10 additions and 41 deletions.
46 changes: 8 additions & 38 deletions mygpo/api/advanced/auth.py
Expand Up @@ -16,63 +16,33 @@
#

from mygpo.api.basic_auth import require_valid_user, check_username
from mygpo.decorators import allowed_methods
from django.contrib import auth
from django.http import HttpResponse
from mygpo.api.httpresponse import JsonResponse
from django.shortcuts import get_object_or_404
from mygpo.api.models import Device
from django.utils.translation import ugettext as _
from datetime import datetime, timedelta
from django.views.decorators.csrf import csrf_exempt


@csrf_exempt
@require_valid_user
@check_username
def login(request, username, device_uid):
@allowed_methods(['POST'])
def login(request, username):
"""
authenticates the user with regular http basic auth
the device is created if it doesn't already exist
"""

d, created = Device.objects.get_or_create(user=request.user, uid=device_uid)

request.session['device'] = device_uid
request.session.set_expiry(datetime.now()+timedelta(days=365))

# the user has been logged in at this point already
r = {'valid': True}
return JsonResponse(r)
request.session.set_expiry(datetime.utcnow()+timedelta(days=365))
return HttpResponse()


@csrf_exempt
@check_username
def logout(request, username, device_uid):
@allowed_methods(['POST'])
def logout(request, username):
"""
logs out the user. does nothing if he wasn't logged in
"""
auth.logout(request)

auth.logout(request)
return HttpResponse()


@csrf_exempt
def validate(request, username, device_uid):
"""
checks if the client has been authenticated for the given useru
"""
if not request.user.is_authenticated():
return JsonResponse({'valid': False, 'reason': 'Client not authenticated'})

if request.user.username != username:
return JsonResponse({'valid': False, 'reason': 'Client authenticated for different username: %s' % request.user.username})

get_object_or_404(Device, user=request.user, uid=device_uid)

# skip if client isn't authenticated for any device
if request.session['device'] and (device_uid != request.session['device']):
return JsonResponse({'valid': False, 'reason': 'Client authenticated for different device: %s' % request.session['device']})

return JsonResponse({'valid': True})
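Review bot: On `login`, `@allowed_methods(['POST'])` is listed below `@require_valid_user` and `@check_username`, so the method check is the innermost wrapper and runs only after Basic authentication has been processed. If `require_valid_user` (defined outside this page) is what logs the user in, as the earlier comment `# the user has been logged in at this point already` suggests, a GET with valid credentials would still get a session before being rejected; placing `@allowed_methods(['POST'])` directly under `@csrf_exempt` rejects it first, and `logout` has the same ordering. For the lifetime, `request.session.set_expiry(timedelta(days=365))` lets Django compute the expiry itself rather than relying on a naive `datetime.utcnow()` matching the clock the session backend compares against. The docstring line about the device being created looks stale now that `Device.objects.get_or_create` is gone, assuming that line survives on the new side.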


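--- a/mygpo/api/urls.py
+++ b/mygpo/api/urls.py
@@ -22,9 +22,8 @@
 (r'^api/[12]/devices/(?P<username>[\w.-]+)/(?P<device_uid>[\w.-]+)\.json', 'device'),
 (r'^api/[12]/devices/(?P<username>[\w.-]+)\.json', 'devices'),
 
-(r'^api/2/auth/(?P<username>[\w.-]+)/(?P<device_uid>[\w.-]+)/login\.json', 'auth.login'),
-(r'^api/2/auth/(?P<username>[\w.-]+)/(?P<device_uid>[\w.-]+)/logout\.json', 'auth.logout'),
-(r'^api/2/auth/(?P<username>[\w.-]+)/(?P<device_uid>[\w.-]+)/validate\.json', 'auth.validate'),
+(r'^api/2/auth/(?P<username>[\w.-]+)/login\.json', 'auth.login'),
+(r'^api/2/auth/(?P<username>[\w.-]+)/logout\.json', 'auth.logout'),
 (r'^api/2/tags/(?P<count>\d+)\.json', 'directory.top_tags'),
 (r'^api/2/tag/(?P<tag>[^/]+)/(?P<count>\d+)\.json', 'directory.tag_podcasts'),
 (r'^api/2/data/podcast\.json', 'directory.podcast_info'),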
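Review bot: The two new auth patterns end at `\.json` with no `$`, so any path that merely begins with `.../login.json` or `.../logout.json` is also routed to the session-handling views. Ending them with `login\.json$` and `logout\.json$` pins each route to the exact path. The surrounding context lines are written the same way, so this may be a file-wide convention to tighten in one pass rather than only here.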
